Under The Wire - Century

Under the Wire trains experienced, developing, and novice Information Technologists to use Windows PowerShell in a variety of situations through innovative and fun wargames.

Ongoing

The club took a small side-track into Under the Wire, after we had so much fun with Over the Wire.

Level 0

Connect to the server via SSH. The host that you will be connecting to is century.underthewire.tech, on port 22.

Level 0 -> 1

The goal of this level is to log into the game. Do the following in order to achieve this goal.

1. Obtain the initial credentials via the #StartHere channel on our Slack (https://underthewire.herokuapp.com/).

2. After obtaining the credentials, connect to the server via SSH. You will need an SSH client such as PuTTY. The host that you will be connecting to is century.underthewire.tech, on port 22.

3. When prompted, use the credentials for the applicable game found in the #StartHere Slack channel.

4. You have successfully connected to the game server when your path changes to "PS C:\Users\Century1\documents>".

So, to start, we just have to:
ssh century1@century.underthewire.tech

century1:century1

Level 1 -> 2

The password for Century2 is the build version of the instance of PowerShell installed on this system.

NOTE:
- The format is as follows: **.*.*****.****
- Include all periods
- Be sure to look for build version and NOT PowerShell version

Once you feel you have completed the Century1 challenge, start a new connection to the server, and log in with the username of Century2 and this password will be the answer from Century1. If successful, close out the Century1 connection and begin to solve the Century2 challenge. This concept is repeated over and over until you reach the end of the game.

The BuildVersion entry of $PSVersionTable gives us the build:

10.0.14393.3471

Level 2 -> 3

The password for Century3 is the name of the built-in cmdlet that performs the wget like function within PowerShell PLUS the name of the file on the desktop.

NOTE:
- If the name of the cmdlet is "get-web" and the file on the desktop is named "1234", the password would be "get-web1234".
- The password will be lowercase no matter how it appears on the screen.

The PowerShell-native equivalent of wget is Invoke-WebRequest, and dir shows the file name is 443:

invoke-webrequest443

Level 3 -> 4

The password for Century4 is the number of files on the desktop

Using the Count property on the output of Get-ChildItem, restricted to files with -File:
Write-Host (Get-ChildItem -File c:\users\century3\desktop).Count;

shows us there are 123 files on the desktop

Level 4 -> 5

The password for Century5 is the name of the file within a directory on the desktop that has spaces in its name.

NOTE:
- The password will be lowercase no matter how it appears on the screen.

Running dir, we can see the folder Can You Open Me. To account for the spaces, we simply use it in quotes:
cd ".\Can You Open Me"
Running dir again, we can see the file:
61580

Level 5 -> 6

The password for Century6 is the short name of the domain in which this system resides PLUS the name of the file on the desktop.

NOTE:
- If the short name of the domain is "blob" and the file on the desktop is named "1234", the password would be "blob1234".
- The password will be lowercase no matter how it appears on the screen.

From the Get-ADDomain output object, we can check the NetBIOSName property to get the domain's short name:
(Get-ADDomain).NetBIOSName
which shows us it is underthewire, and the file on the desktop is called 3347

underthewire3347

Level 6 -> 7

The password for Century7 is the number of folders on the desktop.

Again, we can use the Count property of Get-ChildItem, but this time with -Directory to get only the folders on the desktop:
Write-Host (Get-ChildItem -Directory c:\users\century6\desktop).Count;

shows us there are 197 folders on the desktop

Level 7 -> 8

The password for Century8 is in a readme file somewhere within the contacts, desktop, documents, downloads, favorites, music, or videos folder in the user's profile.

NOTE:
- The password will be lowercase no matter how it appears on the screen.

Looking around, we find C:\users\century7\Downloads\readme.txt

We can cat readme.txt to see the password:
7points

Level 8 -> 9

The password for Century9 is the number of unique entries within the file on the desktop.

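We can write a little script to get the unique entries from the file and count them. Get-Unique only compares each line with the one before it, so the file is sorted first:

$i=0
cat .\unique.txt | sort-object | get-unique | foreach-object { $i++ }
$i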

which tells us there are 696 unique entries in the file
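
Get-Unique only collapses adjacent duplicates and compares case-sensitively, so the ordering of the input and the choice of cmdlet both change the count. The following is an added example, not part of the original write-up; the helper name Get-UniqueCounts and the sample lines are constructed for illustration.

```powershell
# Added example. Get-UniqueCounts is a hypothetical helper name, and the
# sample lines below are constructed, not taken from unique.txt.
function Get-UniqueCounts {
    param(
        [string[]]$Lines
    )

    [pscustomobject]@{
        # Every line read, duplicates included.
        Total = $Lines.Count

        # Get-Unique compares each line only with the previous one, so
        # duplicates that are not adjacent are counted again.
        GetUniqueUnsorted = @($Lines | Get-Unique).Count

        # Sorting first puts duplicates next to each other. Get-Unique
        # compares case-sensitively, so "bravo" and "Bravo" stay distinct.
        SortThenGetUnique = @($Lines | Sort-Object | Get-Unique).Count

        # Sort-Object -Unique compares case-insensitively by default, so
        # "bravo" and "Bravo" are merged into one entry.
        SortObjectUnique = @($Lines | Sort-Object -Unique).Count

        # Select-Object -Unique needs no sorting and is case-sensitive.
        SelectObjectUnique = @($Lines | Select-Object -Unique).Count
    }
}

# Constructed sample: non-adjacent duplicates plus one case variant.
$sample = @('alpha', 'bravo', 'alpha', 'Bravo', 'charlie', 'alpha')

Get-UniqueCounts -Lines $sample | Format-List

# Against a real file:
#   Get-UniqueCounts -Lines (Get-Content .\unique.txt)
```

If the counts disagree on a real file, the file contains non-adjacent duplicates, entries that differ only in case, or both, and the challenge wording decides which count is the intended one.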

Level 9 -> 10

The password for Century10 is the 161st word within the file on the desktop.

NOTE:
- The password will be lowercase no matter how it appears on the screen.

Using the Split method on the Get-Content output, we can select index 160 in the list of split words (the index is zero-based, so this is the 161st word):
(Get-Content "Word_File.txt").Split(" ") | Select -Index 160

which is pierid

FINAL RESULTS

Final Score: